Received: by 2002:a05:6358:16cc:b0:ea:6187:17c9 with SMTP id r12csp207807rwl; Wed, 4 Jan 2023 17:53:36 -0800 (PST) X-Google-Smtp-Source: AMrXdXvZNs+3F2Cv2sdryTaNxjPgOVGiIQzdVygnT17LoV7a3uICatZWBIt2lGOVcw5shwuE0qGO X-Received: by 2002:a05:6a20:d398:b0:ac:1265:d5bb with SMTP id iq24-20020a056a20d39800b000ac1265d5bbmr63432051pzb.49.1672883616282; Wed, 04 Jan 2023 17:53:36 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1672883616; cv=none; d=google.com; s=arc-20160816; b=RL2NbSjieHtHdBJ9yS2DzzN8v0aZ5x1Tm2poaKJlHT26kkB0Bbs3S0DjgTM8x54pIX eyBxHkX6NvOyd/RLjCOZOcZiZMRPAlXuR/lYqtYiRfIUWBjqQLwB/0/SXo/Cj0982dzo /jorwGv+Cz4YFuIFEzUoOJo9l/lSlEo9sm/v/RdypubLCD3Lw+1L6Kvh9JpIed+65nBH ZwF3B3txZwNmACFyuE5JyahM+F1YauxjlPHcZ/sxqU8fp4FUCgQWAbNZLPY8rPDg9ai5 7I77BdjBmt7FrtGl+Y1rdyZkUWYxk56DgwUiNMpXnKHBYrLnZw5e2DQ3rX2Nk1gnylEV guEg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:references:message-id:in-reply-to :subject:cc:to:from:date:dkim-signature; bh=sl4NZ25YSkL6ZQKbML8DmcTVFW9Y9x/5TYNGiByW+gg=; b=ZkbZF0UA8Xi7GFJBepR8kjCFfKIK/YK9leqMqmASGDoREMXu/ebF98JvT5yXi7zKEU 6L3AoOPD3/v5iz2yAvBqWBMDidnsG1j0Tsk88YhAC6fz/RavUyibNH6h/eOuCNtC+ru8 9R3yJLIX2+GjloAR9fM/jf2UiLrITkGTW2LlRYSQcJT9N5MDgcuk+73hnd58s/XY2pGD nAckrJefFPuVBaVhtEeuBsgbRbO4yYkoygLdaIo3Esf5726KMmgFIDji1lqzHIK706Ob NbPoQiMwgLQwsWSXPoBL4hQWT2rIG6MRPDIVQTfEf3Fynn1xIcYsAjlp0apHjKLbPrUU WnsQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=YCfhkeRJ; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id x206-20020a6331d7000000b0047818d62c89si36428971pgx.237.2023.01.04.17.53.15; Wed, 04 Jan 2023 17:53:36 -0800 (PST) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20210112 header.b=YCfhkeRJ; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229796AbjAEBtV (ORCPT + 99 others); Wed, 4 Jan 2023 20:49:21 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36872 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229746AbjAEBtS (ORCPT ); Wed, 4 Jan 2023 20:49:18 -0500 Received: from mail-pj1-x1031.google.com (mail-pj1-x1031.google.com [IPv6:2607:f8b0:4864:20::1031]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2F7BC3F11E for ; Wed, 4 Jan 2023 17:49:15 -0800 (PST) Received: by mail-pj1-x1031.google.com with SMTP id v13-20020a17090a6b0d00b00219c3be9830so571249pjj.4 for ; Wed, 04 Jan 2023 17:49:15 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=mime-version:references:message-id:in-reply-to:subject:cc:to:from :date:from:to:cc:subject:date:message-id:reply-to; bh=sl4NZ25YSkL6ZQKbML8DmcTVFW9Y9x/5TYNGiByW+gg=; b=YCfhkeRJ+T4ufGGNn5eQ0Ulghck4MzNbRoXe8djTLklyQNcIpOI1pgxQBWlkz9Dv1/ MrwBgG0sWHYlkQd0CoOraa71YigemicovsOwfuXKeZ6DhKoHn2/xedADoY2MJHLIi565 cTOfpVBj1VFCKV5V4ORQR2v8hJonLKhgEoRQmQidopwE/+7ufamQx6MTgv75lqAiM9yb bbNXvO66NYhIr613KAfOR1GNgMJEnFtm8rrPL6SxAfFelasFbs3zslQ56NIFsGyfIoEG gfl6YSbLLeLtrTZ4VrpZuOZWopScD9RcjxPAuDx3WaOCYyOUKbUZuLJc3t15YxfhNLlc J7cw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=mime-version:references:message-id:in-reply-to:subject:cc:to:from :date:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=sl4NZ25YSkL6ZQKbML8DmcTVFW9Y9x/5TYNGiByW+gg=; b=rnm6IgQVtaTMEqzljJ5hB4A/Yp8zc/8HhgLzLoDHSt1M/Mu4/NEmEsjMatnaGt4ZWZ 6rZZcKvZq9Ph1mnMUAXyrWPTkpHcFazOJSdJo8A0adNnmNiOhznQjyg9y1PzNJilgJ26 topKgOgTj2oH/XfeKwDtMlW8BvNC4K1nC2e22fBlwhFhVbyeuorqkqYyzAJpehWv8FzZ jwhibO629kbaXo/AGn111DWmZT1XeEjUq3uMzGrmforKkN7yn8OswDBY55loZ2Qkeo2s kquuC9mDgkKgiHHHlZ/cVO3XcPzKbHobYVyGGoukIVZFJth3vReL3DW78p5k9xiQgt8J H9+w== X-Gm-Message-State: AFqh2kp6x5AIDNfZNsHdaV3V4Sik+KAM3wh5HMzM7Dtpz/CgSCKdb8Ac 0uh7v6SIRWAorRvRQpbR3ZJEbQ== X-Received: by 2002:a17:902:f7d1:b0:192:8a1e:9bc7 with SMTP id h17-20020a170902f7d100b001928a1e9bc7mr67538plw.0.1672883354580; Wed, 04 Jan 2023 17:49:14 -0800 (PST) Received: from [2620:15c:29:203:fc97:724c:15bb:25c7] ([2620:15c:29:203:fc97:724c:15bb:25c7]) by smtp.gmail.com with ESMTPSA id h11-20020a170902680b00b00192849d1209sm5397969plk.96.2023.01.04.17.49.13 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 04 Jan 2023 17:49:13 -0800 (PST) Date: Wed, 4 Jan 2023 17:49:13 -0800 (PST) From: David Rientjes To: Tom Lendacky cc: Herbert Xu , "David S. Miller" , Peter Gonda , Andy Nguyen , linux-kernel@vger.kernel.org, linux-crypto@vger.kernel.org, John Allen Subject: Re: [patch] crypto: ccp - Avoid page allocation failure warning for SEV_GET_ID2 In-Reply-To: <260364a5-f467-f83b-b180-583576ce70ee@amd.com> Message-ID: <271fc4e5-c4cb-a086-fb7f-8b9389570af4@google.com> References: <20221214202046.719598-1-pgonda@google.com> <762d33dc-b5fd-d1ef-848c-7de3a6695557@google.com> <826b3dda-5b48-2d42-96b8-c49ccebfdfed@google.com> <833b4dd0-7f85-b336-0786-965f3f573f74@google.com> <1000d0c8-bd8c-8958-d54f-7e1924fd433d@amd.com> <06de8454-2b29-f3b6-7cf2-c037c2735b6d@google.com> <260364a5-f467-f83b-b180-583576ce70ee@amd.com> MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII X-Spam-Status: No, score=-17.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, ENV_AND_HDR_SPF_MATCH,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS, USER_IN_DEF_DKIM_WL,USER_IN_DEF_SPF_WL autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Wed, 4 Jan 2023, Tom Lendacky wrote: > > > > For SEV_GET_ID2, the user provided length does not have a specified > > > > limitation because the length of the ID may change in the future. The > > > > kernel memory allocation, however, is implicitly limited to 4MB on x86 > > > > by > > > > the page allocator, otherwise the kzalloc() will fail. > > > > > > > > When this happens, it is best not to spam the kernel log with the > > > > warning. > > > > Simply fail the allocation and return ENOMEM to the user. > > > > > > > > Fixes: d6112ea0cb34 ("crypto: ccp - introduce SEV_GET_ID2 command") > > > > Reported-by: Andy Nguyen > > > > Reported-by: Peter Gonda > > > > Suggested-by: Herbert Xu > > > > Signed-off-by: David Rientjes > > > > --- > > > > drivers/crypto/ccp/sev-dev.c | 9 ++++++++- > > > > 1 file changed, 8 insertions(+), 1 deletion(-) > > > > > > > > diff --git a/drivers/crypto/ccp/sev-dev.c b/drivers/crypto/ccp/sev-dev.c > > > > --- a/drivers/crypto/ccp/sev-dev.c > > > > +++ b/drivers/crypto/ccp/sev-dev.c > > > > @@ -881,7 +881,14 @@ static int sev_ioctl_do_get_id2(struct > > > > sev_issue_cmd > > > > *argp) > > > > input_address = (void __user *)input.address; > > > > if (input.address && input.length) { > > > > - id_blob = kzalloc(input.length, GFP_KERNEL); > > > > + /* > > > > + * The length of the ID shouldn't be assumed by software since > > > > + * it may change in the future. The allocation size is > > > > limited > > > > + * to 1 << (PAGE_SHIFT + MAX_ORDER - 1) by the page allocator. > > > > + * If the allocation fails, simply return ENOMEM rather than > > > > + * warning in the kernel log. > > > > + */ > > > > + id_blob = kzalloc(input.length, GFP_KERNEL | __GFP_NOWARN); > > > > > > We could do this or we could have the driver invoke the API with a zero > > > length > > > to get the minimum buffer size needed for the call. The driver could then > > > perform some validation checks comparing the supplied input.length to the > > > returned length. If the driver can proceed, then if input.length is > > > exactly 2x > > > the minimum length, then kzalloc the 2 * minimum length, otherwise kzalloc > > > the > > > minimum length. This is a bit more complicated, though, compared to this > > > fix. > > > > > > > Thanks Tom. IIUC, this could be useful to identify situations where > > input.length != min_length and input.length != min_length*2 and, in those > > cases, return EINVAL? Or are there situations where this is actually a > > valid input.length? > > > > I was assuming that the user was always doing its own SEV_GET_ID2 first to > > determine the length and then use it for input.length, but perhaps that's > > not the case and they are passing a bogus value. > > Except that if the user was always doing that, then we wouldn't be worried > about this case then. But, I think my method is overkill and the simple > approach of this patch is the way to go. > Makes sense, thanks for the clarification. Does that translate into an acked-by? :)